Can federal programs address cyber training?

computer and books

The government is trying to increase the pool of talented cybersecurity professionals with programs aimed at education and training. (Stock image)

The constantly evolving landscape of cybersecurity makes it difficult to stay ahead of the recruiting curve for skilled cyber professionals, but the dearth of such experts in the federal government has roots in the earliest levels of education. Now a handful of federal programs are tackling the issue, from elementary-school education to advanced professional training, with the hope of eventually alleviating a top worry of security executives across the government.

Despite significant growth in the cybersecurity workforce in recent years, managers are still feeling the personnel pinch, a new study from Frost and Sullivan and (ISC)2 indicates. According to the report, more than half – 56 percent – of information security professionals who responded believe there is a workforce shortage. It is creating a burden for existing personnel that stems from a narrow career pipeline, the report noted.

"You can spend a billion dollars on security hardware and software, but the problem is human," Montana Williams, director of the National Cybersecurity Education and Workforce Development Office, said at an (ISC)2 event on May 7. "So where does education and training come into that? How do we set a national standard that gives people a pathway of success, taking them from hiring to retiring?"

Williams said one issue is demographics, noting that 79 percent of federal IT workers are over the age of 40, while only 5 percent are under the age of 30.

To confront the issue, his office is focused on increasing awareness, broadening the pipeline and growing the profession, Williams said. Among the initiatives is a National Initiative for Cybersecurity Careers and Studies portal, launched in February, that Williams hopes "will become one-stop shop for the nation when it comes to cybersecurity careers and opportunities." Other plans involve academic centers of excellence updated for modern standards and requirements, and collaboration with educators to incorporate cybersecurity into early learning.

"It's hard for the federal government, even Department of Education, to dictate formal education all the way down to elementary level," said Williams, who stressed the need for engagement in STEM education at local and state levels. "We're teaching teachers to integrate cybersecurity into math, into history, into government, into biology – where is the nexus of cybersecurity in those basic disciplines?"

The efforts also include higher levels of education, including in college, but federal officials and others involved also are ramping up workforce-targeted plans.

The National Institute for Standards and Technology is making measurable progress with its national cybersecurity workforce framework, which has created a reference point for federal agencies working to identify gaps in skills in their workforce and to hire accordingly.

"It uses language that's general enough that government, private sector, military or academic can relate to it...we're seeing a lot of synergy," said Dr. Ernest McDuffie, lead for the National Initiative for Cybersecurity Education at NIST. "For the first time this allows federal managers to go in and look at job codes for IT specialists in the federal government...and identify exactly what those people are doing so then they can help establish a baseline to do some real gap analysis."

The framework, along with a new cybersecurity maturity model and diagnostic tools for determining staffing and security requirements – including risk assessments that Williams said agencies sorely need – are key for the emerging emphasis on workforce planning.

"We tend to peanut butter-spread our personnel and our resources across the entire organization, and that mindset needs to change...and focus on what most needs to be protected and what doesn't," Williams said. "That's what cybersecurity workforce planning does, that's what the maturity model is and that's what the diagnostic tool does – it puts that in human terms. How do you put those key human resources in the right spots, and what does that look like?"

According to the (ISC)2 report, more than half of those surveyed believe the most important resources center on people, including management support, qualified staff, policy adherence and staff training. That pattern likely will be reflected in the coming year as more than a third of C-level executives plan to increase spending on personnel and education and training, the report noted.

"Changes in IT and evolving IT norms on how, when and where business operations occur – such as BYOD, cloud computing and social media – remind us that information security professionals must be highly order to manage a dynamic range of risks," the report noted. "Consequently, information security professionals have no downtime; there are always new risk management challenges to address."

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

The Fed 100

Read the profiles of all this year's winners.


  • Then-presidential candidate Donald Trump at a 2016 campaign event. Image: Shutterstock

    'Buy American' order puts procurement in the spotlight

    Some IT contractors are worried that the "buy American" executive order from President Trump could squeeze key innovators out of the market.

  • OMB chief Mick Mulvaney, shown here in as a member of Congress in 2013. (Photo credit Gage Skidmore/Flickr)

    White House taps old policies for new government makeover

    New guidance from OMB advises agencies to use shared services, GWACs and federal schedules for acquisition, and to leverage IT wherever possible in restructuring plans.

  • Shutterstock image (by Everett Historical): aerial of the Pentagon.

    What DOD's next CIO will have to deal with

    It could be months before the Defense Department has a new CIO, and he or she will face a host of organizational and operational challenges from Day One

  • USAF Gen. John Hyten

    General: Cyber Command needs new platform before NSA split

    U.S. Cyber Command should be elevated to a full combatant command as soon as possible, the head of Strategic Command told Congress, but it cannot be separated from the NSA until it has its own cyber platform.

  • Image from Shutterstock.

    DLA goes virtual

    The Defense Logistics Agency is in the midst of an ambitious campaign to eliminate its IT infrastructure and transition to using exclusively shared, hosted and virtual services.

  • Fed 100 logo

    The 2017 Federal 100

    The women and men who make up this year's Fed 100 are proof positive of what one person can make possibile in federal IT. Read on to learn more about each and every winner's accomplishments.

Reader comments

Wed, May 8, 2013

Real training based on actual job duties, please. Not the one-size-fits-all diploma mill certification racket, done via boot camps that teach to test and have a very steep knowledge decay curve.

Wed, May 8, 2013

Retirement.... Here I come!

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group